Right now, I use the auth-user-pass-verify setting to run a bash script to check my usernames in a global MySQL database. These accounts expire but my question is how often does this auth method get called? If a user passes auth when they connect, will they always be connected until they disconnect or does it get run after a set time?
I did some reading on the up, up-restart, and down settings but just wondering how I would access the current user credentials on that and set the time out if I ran my shell script to recheck auth.
Reauth time?
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: Reauth time?
Once a VPN session is up it will remain up until the user disconnects or until the VPN server drops the connection. There is no built-in reauth mechanism, and what's more, with an auth-user-pass script the user would most likely be queried again for it!
I'm not saying this is perfect - others have asked similar questions - but it's just the way it is.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 15, 2012 3:29 pm
Re: Reauth time?
Hmmm.... any way to combat this other than setting hard connection times like 24 hours?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 15, 2012 3:29 pm
Re: Reauth time?
Also, I just wrote a bash script that kills all openvpn processes (Run them all with the command: openvpn tcp53.cfg) so there is a bunch running. I also modified my config to remove persistent keys and tunnels.
In theory this should cause all clients to reauth on the script execution correct?
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: Reauth time?
> Hmmm.... any way to combat this other than setting hard connection times like 24 hours?
No, not that I know of, unless you'd modify the openvpn sources.
If the server process is killed the client will be forced to reconnect; an alternative is to use the management interface on the server, and use that to disconnect all clients after a certain amount of time.
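The management-interface approach suggested above, sketched as an added example that is not part of the thread or of OpenVPN itself. It assumes the server config has `management 127.0.0.1 7505` with no management password and that clients have IPv4 `IP:port` real addresses; the function names and the sample status data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: time-limit sessions via the management interface.

# stale_kill_cmds MAX_AGE_SECONDS NOW_EPOCH   (reads "status 2" output on stdin)
# Prints one "kill IP:port" command per session older than MAX_AGE_SECONDS.
stale_kill_cmds() {
  awk -F',' -v max="$1" -v now="$2" '
    { sub(/\r$/, "") }                              # replies end in CRLF
    $1 == "HEADER" && $2 == "CLIENT_LIST" {         # locate columns by name
      for (i = 3; i <= NF; i++) col[$i] = i - 1     # data rows lack the HEADER field
      next
    }
    $1 == "CLIENT_LIST" && ("Real Address" in col) && ("Connected Since (time_t)" in col) {
      addr = $(col["Real Address"]); since = $(col["Connected Since (time_t)"])
      if (since ~ /^[0-9]+$/ && now - since > max) print "kill " addr
    }'
}

# Constructed sample of "status 2" output (documentation addresses, made-up users).
sample_status() {
  cat <<'EOF'
TITLE,OpenVPN (constructed sample)
TIME,Sat Jun 16 12:00:00 2012,1339848000
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
CLIENT_LIST,alice,192.0.2.10:51000,10.8.0.6,1000,2000,Fri Jun 15 10:00:00 2012,1339754400,alice
CLIENT_LIST,bob,198.51.100.7:40022,10.8.0.10,500,900,Sat Jun 16 11:30:00 2012,1339846200,bob
GLOBAL_STATS,Max bcast/mcast queue length,0
END
EOF
}

# kick_stale MAX_AGE_SECONDS [HOST] [PORT]: query a live server and kill stale sessions.
# Assumption: management socket on 127.0.0.1:7505, no password. Uses bash /dev/tcp.
kick_stale() {
  local max=$1 host=${2:-127.0.0.1} port=${3:-7505} line status=""
  exec 3<>"/dev/tcp/$host/$port" || return 1
  printf 'status 2\n' >&3
  while IFS= read -r line <&3; do
    line=${line%$'\r'}
    [ "$line" = "END" ] && break
    status="${status}${line}"$'\n'
  done
  printf '%s' "$status" | stale_kill_cmds "$max" "$(date +%s)" >&3
  printf 'quit\n' >&3
  cat <&3 >/dev/null                                # drain replies until the server closes
  exec 3>&-
}

if [ "${1:-}" = "--live" ]; then kick_stale "${2:-86400}"; fi
```

Run from cron with `--live 86400`, this drops only sessions older than 24 hours instead of restarting every server process. A dropped client has to open a new connection, at which point the auth-user-pass-verify script runs again and an expired account is refused.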
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jun 15, 2012 3:29 pm
Re: Reauth time?
Thanks.
I haven't done much with the management interface but I just have a bash script running every 24 hours that kills all server processes and restarts them to flush the accounts.